Education? Academic background in modern languages, social sciences, and computer science.
Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2001, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.
Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.
What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.
Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...
What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.
When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)
Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.
...I know that Facebook has various countermeasures for dealing with the even more various types of fraud that Facebook users are subjected to. Does it really believe that those measures are so effective, no fraudulent message can ever get through?
...the conclusion does support what does appear to be the official Iranian line that this was an attack against Iranian nuclear operations, but that it wasn't successful...
Added to the Stuxnet (3) resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3.
Zeus-associated malware (and that includes SpyEye and "SpyZeuS") isn't supernaturally difficult to detect. It is, however, pretty adaptive and has introduced, from time to time, some innovative counter-detection techniques.
…an article by William Gibson (yes, that William Gibson) draws a connection between Brain (a 25-year-old PC virus) and Stuxnet. 25 Years of Digital Vandalism. He doesn't seem to think much of Stuxnet, drawing a much-to-the-point riposte from Bob McMillan: http://twitter.com/#!/bobmcmillan/status/30533396702699520. Links added to Stuxnet Information and Resources (3). David Harley CITP FBCS CISSP ESET
The next AMTSO members meeting is getting pretty close… It's being held in San Mateo on the 10th and 11th February. More information, including the preliminary agenda, on the AMTSO meetings page. David Harley CITP FBCS CISSP ESET Senior Research Fellow
This is the 3rd volume of an ongoing Stuxnet resources blog article, supplementing our paper "Stuxnet Under the Microscope".
...many scams work by panicking victims into taking some unwise action, whether it's parting with their credit card details or opening a malicious program, claiming that some problem or illegal action is associated with their computer or IP address, such as transmitting malware or visiting paedophile or other pornographic sites...
@imaguid microblogged today about his annoyance at "the analysts and journalists who breathlessly fawn over #stuxnet", and suggested that we call it even.
Added to the Stuxnet resources article 19th January 2011...
Added to the Stuxnet resources page today ... something of a second wave of commentary that's a little more cautious about accepting the NYT's conclusions.
While most of the recent media interest in Stuxnet has centred on the New York Times story, there's been some thoughtful research published that considers it as just one aspect of larger issues: cyberwarfare, cyberespionage, cybersabotage and so on.
...The NYT article strikes me as being well-researched, well-written, and well worth reading, and the involvement of Dimona is more plausible than much of the speculation I've seen, but it's still hard to distinguish hard fact from sheer guesswork...
...today's New York Times article "Israel Tests on Worm Called Crucial in Iran Nuclear Delay" ... is a notable addition to the information and commentary on this aspect of the Stuxnet phenomenon...
My Russian colleague Aleksandr Matrosov reports that this week he received an interesting sample from forensic investigation specialists Group-IB. The threat in question is detected by ESET products as Win32/Sheldor.NAD, and coverage by other vendors is reasonable: see http://www.virustotal.com/file-scan/report.html?id=9f3ff234d5481da1c00a2466bc83f7bda5fb9a36ebc0b0db821a6dc3669fe4e6-1294926672. The interesting feature of this sample is that it uses the TeamViewer 5.0 standalone component to effect remote control of the
Tony Dyhouse writes in SC Magazine about the political implications for the security community of the Stuxnet and Wikileaks incidents. The link has also been added to the Stuxnet resources post at /2011/01/03/stuxnet-information-and-resources/5731 on 14th January 2011.. David Harley CITP FBCS CISSP
Added to the resources blog at https://www.welivesecurity.com/2011/01/03/stuxnet-information-and-resources: Report of a Stuxnet-unrelated vulnerability in SCADA software A speculative cyberwar link Some links on Iranian post-Stuxnet "cybermilitia" recruitment. http://www.itworld.com/security/133469/iran-responds-stuxnet-expanding-cyberwar-militia http://blogs.forbes.com/jeffreycarr/2011/01/12/irans-paramilitary-militia-is-recruiting-hackers/?boxes=financechannelforbes David Harley CITP FBCS CISSP
This isn't really Threatblog fodder, but I'd like to take the opportunity to congratulate Richard Marko and Andrew Lee on their accession to ESET CEO superstardom. Richard has been appointed as global CEO of the ESET group, while Andrew has returned to ESET LLC as its CEO. It's good to know, though, that Miroslav Trnka
...In fact, while the season for the traditional end of year crystal ball-gazing is pretty much over, I'll venture a few extra predictions based on recent observations of the support scam business...
If you haven't yet had enough of the crystall balls that have been bouncing all over the media and the blogosphere in the past few weeks...
I’m in Washington right now, at the CSI conference. It won’t surprise regular readers to know I’m here to talk about testing anti-malware products (again!) So it may not surprise you to know also that I’m particularly interested to see an article [link no longer available – DH 2017] by Larry Seltzer that looks at the documents
whitelisting itself is hybrid...And it works best as one layer of a defensive strategy, at any rate in the version of the internet in which we currently find ourselves.
AMTSO, the Anti-Malware Testing Standards Organization, have just issue a press release [broken link removed 2017] about the guidelines documents just published on their web site after ratification by everyone present at the AMTSO meeting in Oxford at the end of October. You may have noticed that we’re quite optimistic about the beneficial future impact of
There is no way of eliminating the risk of data loss completely because systems, however good they are, are implemented, administered and used by human beings.
When I get a chain letter like this, I don't usually respond to everyone else who received it, even when it's a hoax (as it usually is)...
The election may be over, but the bad guys are still milking it, and there are lessons to be learned. I guess there’s nothing that brings out the worst in human nature like an election. There were all those chain letters, rumours and hoaxes about how various candidates were undesirable, un-American, immoral etc. Then there were
In "Viruses Revealed", Robert Slade and I said that ""In many ways, the Internet Worm is the story of data security in miniature."
I just came got back from Oxford (that's the one in the UK, by the way), where the Anti-Malware Testing Standards Organization held its latest two-day meeting.
Recently we noticed a thread in a forum associated with a free security product, originating in an open letter to a well-known tester, asking him to donate his sample set for the improvement of the product.
From time to time we are asked to provide samples or malicious URLs to individuals and groups who are not in the full-time testing business. We do, of course, share such material with other actors in the security industry who are within our web of trust, but are not usually able to honor requests from
…and for once we’re not one of the vendors getting hammered. Secunia, a Danish company that sends out security notifications, has announced that it has tested a dozen security suites. Interestingly, Secunia used a number of exploits developed in-house for analysing vulnerabilities rather than the sort of malware sample based testing that we’re more used
I don’t suppose you thought they did. But just to prove that scammers have no compunction about using people’s understandable fears about the current financial crisis as a means of stealing from them, here’s a short extract from a fairly typical example of a current wave of fraudulent emails. “Subject: New campaign against financial markets
Memetic malware, in case you haven’t heard me ranting on the subject before, is a pseudo-technical term applied by some to hoaxes, semi-hoaxes, urban legends and so on, especially when spread via email and other Internet services. The adjective memetic derives from the coining by Richard Dawkins of the noun meme, which he described in
When it comes to installation sizes, smaller is actually better, as long as essential features like detection aren’t compromised in order to reduce footprint, and we at ESET like to think that’s a trade-off we manage rather well. With all due respect to our colleagues and competitors at Symantec, their products, on the other hand,
As you may have noticed, we’ve been a little busy in the past few weeks, with major conferences and workshops in Estonia, Florida, and the Virus Bulletin conference in Ottawa. Unfortunately, we can’t tell you much about most of these: while some very important work on the mitigation of malware is done in and around
VirusTotal is a tool many people find very useful as a shortcut to checking a possibly malicious file, but it isn't a detection test
We’re quite proud of our record of low false positive rates, despite the occasional slip-up (all AV scanners have them: it’s an unfortunate fact of life, but we like to think that our usefulness in detecting real malware outweighs them in the long term). However, I’ve just been advised by our friends at Sophos (yes,
According to the Wired blog, non-critical laptops in the International Space Station were infected in July with malware: according to spaceref.com it was a (fairly old)password stealer that captures gaming credentials and spreads using autorun.inf (See? We told you these were problems!). Spaceref.com also reckon that quite a few systems on the space station don’t carry
ESET is very interested in and supportive of the Anti-Malware Testing Standards Organization (AMTSO), which aims to raise testing standards across the board and reduce the impact of misleading, poorly-conceived and -implemented comparative testing. Like many in the industry, we believe that benefits the end-user and the industry, and I’ve been heavily involved personally in
There is a worm which is aggressively broadcasting itself to Windows Live Messenger users, and possibly via social networking services (MySpace, Hi5, etc.). It’s known to affect users of MSN, AIM and Triton, and we have had several reports from people who were contacted by compromised hosts. When it infects a PC, the current version of the
